| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS07-029 | Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) | Microsoft Windows | Critical | 09-05-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the Domain Name System (DNS) Server Service in all supported server versions of Windows that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
Detailed Information on the risk:
This bulletin covers patches for a vulnerability in the management RPC interface for Microsoft DNS Server that was discovered in the wild last month. Exploits for this vulnerability have since been widely distributed, although in most networks the impacted RPC services should be firewalled off from the Internet.Further information on this exploit is available at : MS07-029
Affected Software
Microsoft Windows 2000 Server Service Pack 4Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2